So much vulnerable dependencies while creating a react app

[haneenmahd]

Describe the bug

It appears that there are so many vulnerable dependencies in the created react app,

(Write your answer here.)

Did you try recovering your dependencies?

Yes, but It never worked
(Write your answer here.)

Which terms did you search for in User Guide?

(Write your answer here if relevant.)

Environment

Environment Info:

  current version of create-react-app: 4.0.3
  running from /home/gitpod/.npm/_npx/c67e74de0542c87c/node_modules/create-react-app

  System:
    OS: Linux 5.13 Ubuntu 20.04.2 LTS (Focal Fossa)
    CPU: (16) x64 Intel(R) Xeon(R) CPU @ 2.80GHz
  Binaries:
    Node: 16.13.0 - ~/.nvm/versions/node/v16.13.0/bin/node
    Yarn: 1.22.17 - ~/.nvm/versions/node/v16.13.0/bin/yarn
    npm: 8.3.0 - ~/.nvm/versions/node/v16.13.0/bin/npm
  Browsers:
    Chrome: Not Found
    Firefox: Not Found
  npmPackages:
    react: ^17.0.2 => 17.0.2 
    react-dom: ^17.0.2 => 17.0.2 
    react-scripts: 4.0.3 => 4.0.3 
  npmGlobalPackages:
    create-react-app: Not Found

(paste the output of the command here.)

Steps to reproduce

(Write your steps here:)

1. go to command line
2. run `npx create-react-app my app
3. run yarn audit
4. see all the vulnerabilities, I got 87

Expected behavior

Have some stable versions of packages and dependencies
(Write what you thought would happen.)

Actual behavior

(Write what happened. Please add screenshots!)

Reproducible demo

Example Project
(Paste the link to an example project and exact instructions to reproduce the issue.)

[benayat]

it's there for months now, it's like they gave up...

[haneenmahd]

it's there for months now, it's like they gave up...

Its so annoying while building an open source project

[sg-wk]

Will there ever be a new version that fixes all that stuff?!

[haneenmahd]

Will there ever be a new version that fixes all that stuff?!

this is actually serious issue 🧐

[gaearon]

Read this please.
#11174